Privacy Policy
Last updated: 7 June 2026 · Applies to beyondtheorywhatworks.com, guide.beyondtheorywhatworks.com (Beyond Theory Guide) and app.beyondtheorywhatworks.com
1. Who we are
Beyond Theory What Works and its Beyond Theory Guide advisor are operated by Cloudpot, a company registered in the Netherlands (KVK: 88275612, VAT: NL004573874B67). Cloudpot is the data controller for the personal data described in this policy.
Privacy contact: support@beyondtheorywhatworks.com
Use this address for any question or request about your data.
2. What we collect
- Account data — your email address and a unique account identifier, collected when you create an account.
- Conversation data — the messages you exchange with the Beyond Theory Guide advisor. These may include details about your work, projects and organisation that you choose to share. Conversations are stored when you save your work or use the service while signed in.
- Case files — the structured project records the service builds with you (problem statements, figures, goals, action lists and progress state).
- Usage events — product interaction events (for example, when a step is shown or a case is saved), linked to your account, used to understand where users get stuck and to improve the product.
- Email engagement — records of which service emails we have sent you.
- Feedback — answers you submit through our feedback form, including an email address if you provide one.
- Technical data — standard server logs (IP address, browser type, timestamps) generated by our hosting providers for security and reliability.
3. Why we process it (legal bases)
- Providing the service (contract) — running the advisor, saving and restoring your case files, authenticating you.
- Service emails (legitimate interest) — sign-in links, and follow-up emails about a case you have saved. Every follow-up email contains an unsubscribe option; we stop sending them when you ask.
- Product improvement (legitimate interest) — analysing usage events and feedback to fix problems and improve guidance.
- Security and legal compliance (legitimate interest / legal obligation) — preventing abuse and meeting our legal duties.
We do not sell your data, and we do not use it for third-party advertising.
4. AI-Assisted Delivery of Expert Guidance
Beyond Theory Guide is built on a practitioner-developed knowledge base — constructed from over two decades of real-world transformation experience, applied frameworks, and continuous refinement by domain experts. The guidance you receive reflects that curated expertise, not generic AI responses.
To deliver this guidance conversationally, Beyond Theory Guide uses Claude, an AI model provided by Anthropic, as its processing and language layer. Your conversation messages are transmitted to Anthropic's API solely to generate responses. Under Anthropic's commercial API terms, data submitted via the API is not used to train Anthropic's models.
The output you receive is practitioner thinking, delivered through AI — contextualised to your situation based on the expert knowledge base that powers the system.
Beyond Theory Guide guidance does not substitute for formal professional engagement specific to your legal, financial, or organisational circumstances. Where your situation requires specialist advice, we recommend consulting a qualified professional directly.
5. Service providers (processors)
We use a small number of providers to run the service. Each processes data on our behalf under a data processing agreement:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database (accounts, case files, conversations, events) | EU (Frankfurt, Germany) |
| Anthropic | AI responses for the advisor | United States |
| Clerk | Account creation and sign-in | United States |
| Resend | Sending service emails | EU (Ireland) |
| Netlify | Hosting (website and advisor) | United States |
| Vercel | Hosting (companion app) | United States |
| Feedback form storage | United States |
Where providers are outside the EEA, transfers are protected by the EU–US Data Privacy Framework and/or Standard Contractual Clauses.
6. How long we keep data
- Account data, case files and conversations — kept while your account is active; deleted on request (see section 7).
- Usage events — kept for up to 24 months.
- Feedback — kept as long as it remains useful for improving the product.
- Server logs — kept for short periods set by our hosting providers.
7. Your rights
Under the GDPR you can ask us to: access the data we hold about you, correct it, delete it, restrict or object to its processing, or provide it in a portable format. Email support@beyondtheorywhatworks.com and we will respond within one month. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl) or your local supervisory authority.
8. Cookies
We use only essential cookies: authentication session cookies set by Clerk so you stay signed in. We do not use advertising or cross-site tracking cookies.
9. Children
The service is intended for business use by adults. We do not knowingly collect data from anyone under 16.
10. Changes
If we make material changes to this policy, we will update this page and the date at the top, and where appropriate notify account holders by email.